[OTR-dev] Separate Fingerprint For Each Account?

otr at synx.us.to otr at synx.us.to
Wed Sep 17 01:44:09 EDT 2008



Is there any way to use just one fingerprint, and authentication key,
for more than one instant messaging account? I understand the current
implementation makes a separate fingerprint for each account, but my
question is if it's possible to do otherwise? Or is there some essential
function to having a separate key for separate accounts?

It seems to me that the channel by which the messages are exchanged does
not matter, as long as the authentication proceeds as expected. If I
have fingerprint "XXXXX" it would not matter whether I came from "synx"
or "synx001" on AIM, or even "synx at jabber.org" or some other jabber
account. Perhaps a given conversation should be restricted to one
channel instead of multiplexed across many accounts (sounds like a
coding nightmare, and not necessary), but the same fingerprint, couldn't
it show up for many different accounts?

That way if I contacted someone via AIM, I would not have to re-verify
my identity if contacting them via jabber or YIM, or from another AIM
account. Sure it's trivial to send a message along the old channel
saying "Hey this new fingerprint is me too" but that requires a lot of
manual fiddling to get it to work. Additionally if my old account was
destroyed without warning, say for instance my chosen jabber server
closed up shop, then I would not be able to send a message along the old
channel, so would have to rely on flimsy methods like calling someone on
the telephone to verify my identity, all over again. If I had the same
fingerprint for many accounts, the problem would never even come up,
assuming I was already verified.

I can see the value of having more than one authentication key: so you
can have several different identities, but I cannot see the utility of
requiring a separate key for each account. Even more so, I cannot see
why it is necessary to have a separate key for each account, besides the
fact that the current implementation uses some kind of lookup table
matching "account -> key". It could as easily be "identity -> key" where
"identity" is shared between some, or all physical channels and accounts.


